CAN-2005-2820
CAN-2005-2820 affects the courier/sqwebmail stack. The vulnerability arises from missing input sanitisation that, via Internet Explorer Conditional Comment handling in SqWebmail, can cause hidden JavaScript execution when a user views a malicious email. This is a remote cross-site scripting issue...